The ever-increasing value and risks associated with use of personal information have focused organizations on privacy compliance. In part, this has been driven by a constant stream of media stories highlighting poor information handling practices by some organizations, as well as a number of significant privacy breaches. Such breaches now commonly result in class action lawsuits.

In Canada, there is a complex network of laws governing privacy and data protection, including private-sector, health-sector and public sector statutes, sector-specific privacy obligations (e.g., for financial institutions), statutory privacy torts, and evolving common law torts such as "intrusion upon seclusion" and "publicity given to private life".

McMillan's Privacy Group understands privacy laws and their impact on day-to-day business activities, including the risks and opportunities associated with cross-border data transfers and outsourcing, privacy issues in areas with specific sensitivities such as youth, online, financial and health privacy, and the use of personal information for secondary marketing purposes. We advise clients on establishing a comprehensive privacy compliance infrastructure, so that they can reduce the risk of privacy complaints, investigations by privacy commissioners and other regulatory bodies, and privacy-related litigation. An effective compliance infrastructure can also help clients to mitigate the damage of any risks that may materialize.

McMillan professionals help clients lead by:

Advising on compliance with all aspects of applicable privacy laws across Canada

Providing guidance on the application of privacy laws to marketing activities, including online tracking and targeting of customers

Designing and performing audits of current practices and risks associated with the use of personal information (data mapping, risks assessment)